Support authentication in Toolpad

[prakhargupta1]

Summary 💡

I'd like to protect my Toolpad application with authentication. Toolpad should support integrating with any oauth service provider. In short I'd expect to be able to choose and configure my provider of choice (Google, GitHub, Auth0, Okta,...). When an auth provider is configured, Toolpad will display an interstitial page when unauthenticated users visit the application. The page will show a button for each configured auth provider and clicking it will guide you through the relevant oauth flow. After successfully completing the flow, the user can use the Toolpad application as usual.

Toolpad should show a UI in the top right corner when a user is authenticated, (avatar or first name of email address) with a menu that allows to log out.

Once the notion of user is introduced, then come the notion of permissions #352.

• Support Google and GitHub authentication Add authentication #2925
• Support Azure AD Add RBAC with Azure AD authentication provider #3077

Examples 🌈

• https://docs.retool.com/sso/quickstarts/google/google-sign-in
• https://refine.dev/docs/tutorial/understanding-authprovider/headless/auth-pages/#login-page
• https://marmelab.com/react-admin/Authentication.html#customizing-the-login-component

Motivation 🔦

• https://groups.google.com/u/1/a/mui.com/g/toolpad/c/RE0ETYdyF3o

[Janpot]

Would like to add that the custom server feature that we are currently building, which allows for running a Toolpad application as a express/connect middleware, will allow you to add any additional middleware in front. This therefore also gives you the full freedom to add any authentication method you want (e.g. passport.js). The cookie api in serverside code also allow you to pass any user tokens from a custom middleware to Toolpad.

This ofcourse doesn't mean we shouldn't support SSO out of the box, it's just that after this feature is fully implemented, the possibilities for implementing custom authentication strategies are further extended

[bharatkashyap]

@Janpot Agreed. Am I correct in imagning a high-level proposed documentation page for Authentication in Toolpad to be something like this:

Authentication in Toolpad

SSO

Toolpad supports Single Sign-On authentication methods out of the box, with multiple providers ...

Custom Server

If you're running Toolpad as a middleware inside your own backend, Toolpad gives you full freedom to add any authentication method you want (e.g. passport.js). The cookie api in serverside code also
allows you to pass any user tokens from a custom middleware to Toolpad...

Basic Auth

If you're only building a small application and your authentication requirements are basic, you may choose to use ...